Hello, We would like to get SSO working for logging into SMA. We currently have is setup for Spam Quarantine in SMA but would like to get it working for the Administrative side. I followed the instructions that were provided in Ver 13 for ESA SSO, changing the needed settings for SMA. But when attempting to get in, I get: Error — Authorization Failure! Please contact your administrator. Is SSO supported for admin logins to SMA? If so, ideas on what my issue could be? Thanks Doug
This error indicates authentication passed, but authorization failed at the SMA. Focus on the settings within the Users > External Authentication > SAML. Attribute Name, Group Name, and Group Mapping.
Also, in one of the similar issues, it was found that the problem was with the difference in the “Sign Assertion”. Basically, the IdP was configured to retrieve only the ‘mail’ and ‘uid’ attributes, and none of them were matching the Group names on the SMA configuration.
I am involved in rolling out about 40 wifi networks using cisco 3602/2802 aps and cisco 5508 ISE. Our network offers a 2 step authentication with user and machine certificates as well as users needing to be in correct AD groups. The problem we have i...
ASA Site-to-Site VPN using IKEV1 Configuration Example
Configure a Site-to-Site IPSec IKEv1 Tunnel Between an ASA and a Cisco IOS Router
Site-to-Site IKEv2 Tunnel between ASA and Router Configuration Examples
Site-to-Site VPN Tunnel wit...
Dear Community, So, according to the Cisco ISE Release 2.7 Administrator Guide, it should be possible to use a remote lock/wipe on MDM-devices that connect through ISE on the network( see the screenshot in the attachment).The problem is that th...
Hi, We currently have 2 Cisco 5525X ASA's in active/standby state. We have 750 concurrent Anyconnect licenses with the below licenses:AC-PLSM-5YR-500-S & AC-PLSM-5YR-250-S. (These are expiring soon) I have asked to get these renewed by our l...
Hi Everyone, Does anyone know if it is possible create a NAT for Cisco Anyconnect to a different IP so that the user doesn't have to use the External IP? We want to use a different dns name and assign to a different set group of users. Thank you...